cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


501
Views
0
Helpful
3
Replies
Beginner

NAT ASA 8.4+

Greetings,

I'm reading through the 8.4 guide NAT configurations explanations and examples. I stumbled on the following example.

The following example configures dynamic NAT that hides 192.168.2.0 network behind a range of

outside addresses 10.2.2.1 through 10.2.2.10:

hostname(config)# object network my-range-obj

hostname(config-network-object)# range 10.2.2.1 10.2.2.10

hostname(config)# object network my-inside-net

hostname(config-network-object)# subnet 192.168.2.0 255.255.255.0

hostname(config-network-object)# nat (inside,outside) dynamic my-range-obj

This example confused me because Im looking for the line that ties everything together. How does the last line know to to NAT the inside range if it is not defined in the configuration? Is there a missing configuration that needs to be added?

hostname(config-network-object)# nat (inside,outside) dynamic my-range-obj

Thanks in advance for the help.

1 ACCEPTED SOLUTION

Accepted Solutions

NAT ASA 8.4+

Hi,

The object: my-inside-net which is the 192.168.2.0/24 has a NAT statement to translate to the object: my-range-obj which is the range: 10.2.2.1 through 10.2.2.10

So, you have the two above objects defined in the configuration, and under the ''local'' or ''subnet'' object, exists the NAT rule to translate it to the range specified with the other object.

Hope it helps.


Federico.

3 REPLIES 3

NAT ASA 8.4+

Hi,

The object: my-inside-net which is the 192.168.2.0/24 has a NAT statement to translate to the object: my-range-obj which is the range: 10.2.2.1 through 10.2.2.10

So, you have the two above objects defined in the configuration, and under the ''local'' or ''subnet'' object, exists the NAT rule to translate it to the range specified with the other object.

Hope it helps.


Federico.

Beginner

NAT ASA 8.4+

Hi Federico,

Thanks for the clarification. Now I realise where i got confused. The NAT statement is inside the Object-group sub commands.

NAT ASA 8.4+

Glad I could help :-)

Federico.